widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

am b2af1e63: OEMCrypto Version 9 API (KLP Modular Version)

Browse Source 
* commit 'b2af1e6303f683833f09eeb3e808597b8ee7f076':
  OEMCrypto Version 9 API (KLP Modular Version)
This commit is contained in:
Jeff Tinker
2014-03-10 18:35:36 +00:00
committed by Android Git Automerger
parent 4ad288f0c0 b2af1e6303
commit c10898e897
8 changed files with 1136 additions and 400 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libwvdrmengine/cdm/core/src/crypto_session.cpp
View File

@@ -382,7 +382,7 @@ CdmResponseType CryptoSession::LoadKeys(const std::string& message,
OEMCryptoResult sts = OEMCrypto_LoadKeys(
oec_session_id_, msg, message.size(),
reinterpret_cast<const uint8_t*>(signature.data()), signature.size(),
enc_mac_key_iv, enc_mac_key, num_keys, &load_key_array[0]);
enc_mac_key_iv, enc_mac_key, num_keys, &load_key_array[0], NULL, 0);
if (OEMCrypto_SUCCESS == sts) {
return KEY_ADDED;
@@ -514,7 +514,7 @@ bool CryptoSession::GenerateSignature(const std::string& message, bool use_rsa,
if (use_rsa) {
sts = OEMCrypto_GenerateRSASignature(
oec_session_id_, reinterpret_cast<const uint8_t*>(message.data()),
message.size(), NULL, &length);
message.size(), NULL, &length, kSign_RSASSA_PSS);
if (OEMCrypto_ERROR_SHORT_BUFFER != sts) {
LOGD("GenerateSignature: OEMCrypto_GenerateRSASignature err=%d", sts);
return false;
@@ -537,7 +537,7 @@ bool CryptoSession::GenerateSignature(const std::string& message, bool use_rsa,
oec_session_id_, reinterpret_cast<const uint8_t*>(message.data()),
message.size(),
reinterpret_cast<uint8_t*>(const_cast<char*>(signature->data())),
&length);
&length, kSign_RSASSA_PSS);
} else {
sts = OEMCrypto_GenerateSignature(
oec_session_id_, reinterpret_cast<const uint8_t*>(message.data()),

20
libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
View File

@@ -48,7 +48,8 @@ typedef OEMCryptoResult (*L1_LoadKeys_t)(
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
const uint8_t* signature, size_t signature_length,
const uint8_t* enc_mac_key_iv, const uint8_t* enc_mac_key, size_t num_keys,
const OEMCrypto_KeyObject* key_array);
const OEMCrypto_KeyObject* key_array,
const uint8_t* pst, size_t pst_length);
typedef OEMCryptoResult (*L1_RefreshKeys_t)(
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
const uint8_t* signature, size_t signature_length, size_t num_keys,
@@ -88,7 +89,8 @@ typedef OEMCryptoResult (*L1_GenerateRSASignature_t)(OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
uint8_t* signature,
size_t* signature_length);
size_t* signature_length,
RSA_Padding_Scheme algorithm);
typedef OEMCryptoResult (*L1_DeriveKeysFromSessionKey_t)(
OEMCrypto_SESSION session, const uint8_t* enc_session_key,
size_t enc_session_key_length, const uint8_t* mac_key_context,
@@ -239,9 +241,10 @@ class Adapter {
return false;
}
uint32_t level1_version = level1_.APIVersion();
if (level1_version != oec_latest_version) {
uint32_t minimum_version = 8; // TODO(fredgc): allow version 8 and 9?
if (level1_version < minimum_version) {
LOGW("liboemcrypto.so is version %d, not %d. Falling Back to L3.",
level1_version, oec_latest_version);
level1_version, minimum_version);
return false;
}
if (OEMCrypto_SUCCESS == level1_.IsKeyboxValid()) {
@@ -439,13 +442,14 @@ extern "C" OEMCryptoResult OEMCrypto_LoadKeys(
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
const uint8_t* signature, size_t signature_length,
const uint8_t* enc_mac_key_iv, const uint8_t* enc_mac_key, size_t num_keys,
const OEMCrypto_KeyObject* key_array) {
const OEMCrypto_KeyObject* key_array,
const uint8_t* pst, size_t pst_length) {
if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
LevelSession pair = kAdapter->get(session);
if (!pair.fcn) return OEMCrypto_ERROR_INVALID_SESSION;
return pair.fcn->LoadKeys(pair.session, message, message_length, signature,
signature_length, enc_mac_key_iv, enc_mac_key,
num_keys, key_array);
num_keys, key_array, pst, pst_length);
}
extern "C" OEMCryptoResult OEMCrypto_RefreshKeys(
@@ -579,12 +583,12 @@ extern "C" OEMCryptoResult OEMCrypto_LoadDeviceRSAKey(
extern "C" OEMCryptoResult OEMCrypto_GenerateRSASignature(
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
uint8_t* signature, size_t* signature_length) {
uint8_t* signature, size_t* signature_length, RSA_Padding_Scheme algorithm) {
if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
LevelSession pair = kAdapter->get(session);
if (!pair.fcn) return OEMCrypto_ERROR_INVALID_SESSION;
return pair.fcn->GenerateRSASignature(pair.session, message, message_length,
signature, signature_length);
signature, signature_length, algorithm);
}
extern "C" OEMCryptoResult OEMCrypto_DeriveKeysFromSessionKey(

BIN
libwvdrmengine/docs/WidevineModularDRMSecurityIntegrationGuideforCENC.pdf
View File

Binary file not shown.

BIN
libwvdrmengine/docs/WidevineSecurityIntegrationGuideforCENCAndroidSupplement.pdf
View File

Binary file not shown.

1405
libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
View File

File diff suppressed because it is too large Load Diff

7
libwvdrmengine/oemcrypto/include/level3.h
View File

@@ -70,7 +70,9 @@ OEMCryptoResult Level3_LoadKeys(OEMCrypto_SESSION session,
const uint8_t* enc_mac_key_iv,
const uint8_t* enc_mac_key,
size_t num_keys,
const OEMCrypto_KeyObject* key_array);
const OEMCrypto_KeyObject* key_array,
const uint8_t* pst,
size_t pst_length);
OEMCryptoResult Level3_RefreshKeys(OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
@@ -122,7 +124,8 @@ OEMCryptoResult Level3_GenerateRSASignature(OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
uint8_t* signature,
size_t *signature_length);
size_t *signature_length,
RSA_Padding_Scheme algorithm);
OEMCryptoResult Level3_DeriveKeysFromSessionKey(OEMCrypto_SESSION session,
const uint8_t* enc_session_key,
size_t enc_session_key_length,

64
libwvdrmengine/oemcrypto/mock/src/oemcrypto_mock.cpp
View File

@@ -263,7 +263,9 @@ OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session,
const uint8_t* enc_mac_key_iv,
const uint8_t* enc_mac_keys,
size_t num_keys,
const OEMCrypto_KeyObject* key_array) {
const OEMCrypto_KeyObject* key_array,
const uint8_t* pst,
size_t pst_length) {
if (trace_all_calls) {
printf("-- OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session,\n");
dump_hex("message", message, message_length);
@@ -892,7 +894,8 @@ OEMCryptoResult OEMCrypto_GenerateRSASignature(OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
uint8_t* signature,
size_t* signature_length) {
size_t* signature_length,
RSA_Padding_Scheme algorithm) {
if (trace_all_calls) {
printf("-- OEMCryptoResult OEMCrypto_GenerateRSASignature()\n");
dump_hex("message", message, message_length);
@@ -925,6 +928,11 @@ OEMCryptoResult OEMCrypto_GenerateRSASignature(OEMCrypto_SESSION session,
return OEMCrypto_ERROR_INVALID_CONTEXT;
}
if (algorithm != kSign_RSASSA_PSS) {
LOGE("[OEMCrypto_GenerateRSASignature(): OEMCrypto_ERROR_NOT_IMPLEMENTED]");
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
if (session_ctx->GenerateRSASignature(message,
message_length,
signature,
@@ -987,7 +995,7 @@ OEMCryptoResult OEMCrypto_DeriveKeysFromSessionKey(
extern "C"
uint32_t OEMCrypto_APIVersion() {
return oec_latest_version;
return 9;
}
extern "C"
@@ -995,6 +1003,16 @@ const char* OEMCrypto_SecurityLevel() {
return "L3";
}
extern "C"
OEMCryptoResult OEMCrypto_GetHDCPCapability(OEMCrypto_HDCP_Capability *current,
OEMCrypto_HDCP_Capability *maximum) {
if (current == NULL) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
if (maximum == NULL) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
*current = 0;
*maximum = 0;
return OEMCrypto_SUCCESS;
}
extern "C"
OEMCryptoResult OEMCrypto_Generic_Encrypt(OEMCrypto_SESSION session,
const uint8_t* in_buffer,
@@ -1114,4 +1132,44 @@ OEMCryptoResult OEMCrypto_Generic_Verify(OEMCrypto_SESSION session,
return OEMCrypto_SUCCESS;
}
extern "C"
bool OEMCrypto_SupportsUsageTable() {
return false;
}
extern "C"
OEMCryptoResult OEMCrypto_UpdateUsageTable() {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
extern "C"
OEMCryptoResult OEMCrypto_DeactivateUsageEntry(const uint8_t *pst,
size_t pst_length) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
extern "C"
OEMCryptoResult OEMCrypto_ReportUsage(OEMCrypto_SESSION session,
const uint8_t *pst,
size_t pst_length,
OEMCrypto_PST_Report *buffer,
size_t *buffer_length) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
extern "C"
OEMCryptoResult OEMCrypto_DeleteUsageEntry(OEMCrypto_SESSION session,
const uint8_t* pst,
size_t pst_length,
const uint8_t *message,
size_t message_length,
const uint8_t *signature,
size_t signature_length) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
extern "C"
OEMCryptoResult OEMCrypto_DeleteUsageTable() {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
}; // namespace wvoec_mock

34
libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
View File

@@ -951,7 +951,7 @@ class Session {
OEMCrypto_LoadKeys(session_id(), message_ptr, sizeof(encrypted),
&signature[0], signature.size(),
encrypted.mac_key_iv, encrypted.mac_keys,
kNumKeys, key_array));
kNumKeys, key_array, NULL, 0));
// Update new generated keys.
memcpy(&mac_key_server_[0], data.mac_keys, wvcdm::MAC_KEY_SIZE);
memcpy(&mac_key_client_[0], data.mac_keys+wvcdm::MAC_KEY_SIZE,
@@ -1496,7 +1496,7 @@ TEST_F(OEMCryptoClientTest, VersionNumber) {
cout << " OEMCrypto Security Level is "<< level << endl;
uint32_t version = OEMCrypto_APIVersion();
cout << " OEMCrypto API version is " << version << endl;
ASSERT_EQ(oec_latest_version, version);
ASSERT_EQ(9, version);
testTearDown();
}
@@ -1952,7 +1952,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithNoMAC) {
message_ptr, sizeof(encrypted),
&signature[0], signature.size(),
NULL, NULL,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
s.close();
testTearDown();
@@ -1987,7 +1987,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange1) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
&mac_keys[0], // Not pointing into buffer.
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
s.close();
testTearDown();
@@ -2019,7 +2019,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange2) {
&signature[0], signature.size(),
&mac_key_iv[0], // bad.
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
s.close();
testTearDown();
@@ -2053,7 +2053,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange3) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
s.close();
testTearDown();
@@ -2087,7 +2087,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange4) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
s.close();
testTearDown();
@@ -2121,7 +2121,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange5) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
s.close();
testTearDown();
@@ -2155,7 +2155,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange6) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
s.close();
testTearDown();
@@ -2189,7 +2189,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange7) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
s.close();
testTearDown();
@@ -2220,7 +2220,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadNonce) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
@@ -2254,7 +2254,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadVerification) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
@@ -2289,7 +2289,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeysBadSignature) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
@@ -2322,7 +2322,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeysWithNoDerivedKeys) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
@@ -3131,7 +3131,7 @@ TEST_F(DISABLED_TestKeybox, RSASignature) {
sts = OEMCrypto_GenerateRSASignature(s.session_id(), &licenseRequest[0],
licenseRequest.size(), NULL,
&signature_length);
&signature_length, kSign_RSASSA_PSS);
ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, sts);
ASSERT_NE(static_cast<size_t>(0), signature_length);
@@ -3140,7 +3140,7 @@ TEST_F(DISABLED_TestKeybox, RSASignature) {
sts = OEMCrypto_GenerateRSASignature(s.session_id(), &licenseRequest[0],
licenseRequest.size(), signature,
&signature_length);
&signature_length, kSign_RSASSA_PSS);
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
// In the real world, the signature above would just have been used to contact
@@ -3270,7 +3270,7 @@ class DISABLED_GenericDRMTest : public DISABLED_TestKeybox {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
}